For this assignment, you will write a paper directed at technologists within an organization. Your objective is to raise awareness and have technologists integrate appropriate security options and secure practices throughout an organization. Select an organization that you know or a convenient source on the Internet as a foundation.
Note: Most assignments require you to apply your knowledge to a specific organization and to adapt to the specific exposures within the industry of your organization. It will be beneficial to use the same organization throughout the course.
Be sure your paper includes the following:
An overview of risk analysis with reference to the NIST CSF, NIST RMF, and other related standards and frameworks.
An interpretation of how they might address risk using the two referenced NIST publications as well as any other specific standards and frameworks applicable to your specific choice.
Length: 5-6 page paper, excluding title and reference pages
References: Include a minimum of 2 references using the course resources and 2 scholarly resources (not including those in the course materials). Cite at least 1 peer-reviewed research study from the NCU library to support your ideas.
Week 1 Resources
NIST: Risk Management Framework for Information Systems and Organizations
National Institute of Standards and Technology. (2018, December). SP 800-37 Rev. 2, RMF: A system life cycle approach for security and privacy. CSRC.
The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems and links to a suite of NIST standards and guidelines to support the implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).
Understanding NIST’s New Risk Management Framework
Jaeger, J. (2019). Understanding NIST’s new risk management framework. Compliance Week, 16(177), 62.
This resource will help you understand the final version of the current Risk Management Framework recently released by the National Institute of Standards and Technology (NIST), including a detailed new roadmap for businesses of all sizes looking to incorporate their cyber-security, privacy, and supply-chain risk management processes.
NIST Ushers in a New Era of IT Risk Management
Berk, S. (2020). NIST ushers in a new era of IT risk management. ISSA Journal, 18(1), 14–19.
The NIST Risk Management Framework (RMF) walks enterprise defense contractors through the assessment and authorization (A&A) process to demonstrate that their government-connected or -supporting networks are safe and that they have sufficient processes in place to handle and mitigate cybersecurity risk.
Benchmarks and Audit Standards
Greene, S. (2020). 32.2 Frameworks and guidance (Lesson 32: Explain the importance of applicable regulations standards or frameworks that impact organizational security posture) [Video]. In CompTIA Security+ SY0-601. Pearson IT Certification.
An information security benchmark is intended to help an organization identify its cybersecurity capabilities. The Center for Internet Security (CIS) benchmarks are consensus-based best practices for the secure configuration of a target system. The CIS benchmarks are widely accepted by government, business, industry, and academia.
Framework for Improving Critical Infrastructure Cybersecurity
National Institute of Standards and Technology. (2018). Framework for improving critical infrastructure cybersecurity, Version 1.1.
This publication is the result of an ongoing collaborative effort involving industry, academia, and government. The National Institute of Standards and Technology (NIST) launched the project by convening private- and public-sector organizations and individuals in 2013. Published in 2014 and revised in 2017 and 2018, this Framework for Improving Critical Infrastructure Cybersecurity has relied upon eight public workshops, multiple Requests for Comments or Information, and thousands of direct interactions with stakeholders from across all sectors of the United States along with many sectors from around the world.